Method and apparatus for managing configuration of a network

ABSTRACT

This method for managing configuration of a network in a management center, said network having a plurality of target objects, comprises: elaborating a model of the network to be managed; identifying (32) a plurality of target objects to be configured in the network; validating (32) the changes to be made upon configuration of the plurality of target objects; and, if all changes are validated: finding (34) a sequence of target routers that provides continuous connectivity to said management center; and configuring (36) each of said target routers. Application to large-scale IP networks.

The present invention relates to a method and apparatus for managing configuration of a network.

The invention finds application in the field of telecommunication networks. It is described here, by way of non-limiting example, in its application to a network of the Internet type.

Internet Protocol (IP) is a communication protocol that interconnects various hosts. In general, IP hosts are computers implementing an IP protocol stack and applications.

A set of directly connected hosts, e.g. a set of hosts sharing a single cable, are able to communicate directly with each other. Such a construction is called an IP network or sub-network, or simply an IP subnet.

In the case where these hosts are not connected directly, e.g. there are two separated physical links, additional equipment is needed in order to provide IP connectivity between the hosts on these physically separated IP subnets. Such additional equipment is referred to as a router.

A router connects a plurality of IP subnets and enables hosts of different subnets to “talk” to each other through the router.

The router is a computer having hardware and software adapted to forward received IP packets sent by the hosts.

As is well known by a person skilled in the art, routers support protocols, services and many other functions. The operation of these functions is controlled by variables and parameters.

A set of values of these variables and parameters is a configuration. The network administrator controls the operation of a router through configuration management, i.e. by setting and changing these values. Configuration management of a router is called “element configuration management”.

Configuration of routers and hosts in a network is called “network configuration”. It has the meaning of planning and setting functionalities of the network which are valid for the whole managed network or part of it. Such functionalities include for instance routing protocols, forwarding policies, virtual private networks, features relating to quality of service, etc. Moreover, there are link-related configurations, e.g. IP over Point-to-Point connections. Each router has its individual part of configuration, such as special attributes of layer 1, layer 2 interfaces, software configuration, etc.

There are currently many known ways to manage IP based data communication networks, belonging basically to two main categories: manual configuration methods and indirect configuration methods. In manual configuration methods, the network administrator accesses a network device to be managed and, using an element management method, he sets the attributes to be configured. In indirect configuration methods, the network administrator uses an application to access the network device to be configured and to carry out the element management. The network device is thus managed indirectly by the network administrator.

An important feature of IP manual configuration is per-element management, which implies accessing one by one each host and/or router to be configured.

For per-element management, only a few element management methods are currently used, such as methods using the Command Line Interface (CLI) command set, methods based on configuration file editing, menu-based element management, element management methods using the SNMP (Simple Network Management Protocol) standard protocol with the Management Information Base (MIB) defining managed objects and their attributes, or Web-server based element management.

When a large-scale IP network, i.e. having a number of routers of the order of hundreds or thousands, is to be managed using the above-mentioned configuration management methods, some problems arise.

As a matter of fact, the configuration of a router includes:

- element specific values, which are relevant only for one node and have no correlation with other nodes;
- link specific values, which are relevant for the routers connected to a given link, are typical for the link and must be the same in the connected routers (for example: IP subnet mask, Open Shortest Path First (OSPF) adjacency parameters, etc.); and
- domain specific values, which are typical for a logical managed object defined in the network (such as an OSPF area, a Differentiated Services (DiffServ) domain, etc.) and which are relevant for many routers.

When the network administrator has defined the values of the attributes to be set, he has to make corresponding changes on the relevant routers. In the case of link or domain specific configuration, in a large-scale network, the following problems, detailed hereafter, arise:

- the configuration cost increases drastically,
- target identification, i.e. localisation of the elements to be configured in the network, becomes more complex,
- validation of the changes to be made is made more difficult, and
- making the element management operations from one point in the network requires a proper execution sequence but the latter becomes hard to find.

Regarding the configuration cost, assuming for example that the network administrator has to change the identifier of an OSPF area having 500 routers, even if the identifier is represented by only one attribute, the network administrator will have to change 500 attributes. This is very time-consuming.

Regarding target identification, in the above example, the network administrator has to know somehow which are the 500 routers concerned by the change. Moreover, due to the large size of the network, it is difficult to have an overview of all relationships existing between configurations. In some cases, indirect target routers may also be concerned by the change. For example, when the network administrator wants to transfer several routers from an OSPF area into another one, he has to take care to take account of all interfaces affected by the transfer in order to avoid link failures. This kind of indirect target identification can only be done by performing an analysis of the topology and of the special characteristics of the managed object. In a large-scale network, this is not trivial.

Regarding validation, it has to be determined whether the required change leads to a valid state, i.e. whether the network with the new configuration serves its purpose. It also becomes difficult in a large-scale network, due to the fact that dozens of routers will be configured as part of a change. Performing an analysis of the new state within a reasonable amount of time is impossible.

Regarding the execution sequence issue, as for target identification and for validation, it is important to see the special characteristics of the configured managed object and the topology in order to know the effect of the changes involved by configuration. For example, when configuring an OSPF link, due to the fact that the OSPF link is established only if its attributes have the same values in each connecting interface, the sequence of setting the target interfaces is of particular relevance. The greater the number of targets, including indirect targets, the more difficult the task.

The present invention aims at simplifying the configuration management process in order to overcome the above-mentioned drawbacks.

To this end, the present invention provides a method for managing configuration of a network in a management centre, the network having a plurality of target objects, remarkable in that it comprises:

- elaborating a model of the network to be managed;
- identifying a plurality of target objects to be configured in the network;
- validating the changes to be made upon configuration of the plurality of target objects; and, if all changes have been validated:
- finding a sequence of target routers that provides continuous connectivity to the management centre; and
- configuring each of the target routers.

Thus, thanks to the present invention, the network administrator can concentrate on actual network-wide object management instead of complex and time-consuming distributed, per-element implementation.

Furthermore, the per-element operations are carried out by the network management application instead of being performed by the network administrator, saving a considerable amount of time and reducing the risk of human errors.

The invention is particularly adapted to be applied to large-scale IP networks.

In a preferred embodiment, the above-mentioned model of the network is based on the CIM (Common Information Model) schema.

In a preferred embodiment, the identification step includes identifying direct target objects and indirect target objects.

In a preferred embodiment, the validation step includes checking the compliance of the changes to be made upon configuration with a predetermined set of rules.

In a preferred embodiment, the network is an IP based mobile access network.

The present invention also provides a computer program product, loadable into a computer, comprising software code portions for implementing the steps of a method as above when the product is run on a computer.

The present invention also provides an apparatus for managing configuration of a network in a management centre, the network having a plurality of target objects, remarkable in that it comprises:

- a module for elaborating a model of the network to be managed;
- a module for identifying a plurality of target objects to be configured in the network;
- a module for validating the changes to be made upon configuration of the plurality of target objects;
- a module for finding a sequence of target routers that provides continuous connectivity to the management centre; and
- a module for configuring each of the target routers.

The particular features and advantages of the computer program product and of the apparatus are similar to those of the method as succinctly described above and are therefore not repeated here.

Other features and advantages of the present invention will appear upon reading the following detailed description of a preferred embodiment, given by way of non-limiting example.

The description refers to the accompanying drawings, in which:

FIG. 1 shows the basic building blocks of a conventional DEN-based network management architecture;

FIG. 2 shows the network management architecture in accordance with the present invention, in a preferred embodiment; and

FIG. 3 illustrates the configuration operation control steps performed by the network manager application in accordance with the present invention, in a preferred embodiment.

The method and apparatus according to the present invention are based on the Directory-Enabled Networking (DEN) concept. This is an industry-standard initiative and specification for how to construct and store information about a network's users, applications and data in a central directory. DEN defines an object-oriented information model that is based on another recent standard initiative, the Common Information Model (CIM). CIM is a model for describing overall management information in a network/enterprise environment. CIM comprises a specification and a schema. The specification defines the details for integration with other management models, while the schema provides the actual model descriptions.

Both the DEN and CIM models are mapped into the directory defined as part of the Lightweight Directory Access Protocol (LDAP).

As known by a person skilled in the art, LDAP is a software protocol for enabling anyone to access a Directory service to retrieve or manipulate data stored in the Directory, e.g. data of organisations, individuals, and other resources such as files and devices, in a network.

By entering specific information about the network in the central directory using the proper mapping of a CIM model, network information then becomes available to any DEN-enabled application in the network. When a user attempts to open one of these types of applications on the network, the application checks dynamically in the LDAP global directory in order to see what the user's access privileges should be. The application can then automatically open and configure itself to provide the correct level of access to its features, based on the usage policy information it has located in the LDAP directory.

As shown in FIG. 1, the central part of a conventional DEN-based network management system as standardised by the DMTF (Desktop Management Task Force) is a Directory server 10.

The Directory server 10 contains management data using a CIM model 12. Such a Directory server may for example be an LDAP directory.

A management station 14, controlled by the network administrator or operator 15, contains software adapted to communicate with the Directory server 10—not directly with the managed devices—and operates on data in order to manipulate network configuration, i.e. to make the required network configuration changes.

A router 16 with DEN support has an LDAP client and uses the same data model as the management station 14. The management station 14 triggers the router 16 to update a plurality of objects. The triggered router initiates LDAP queries to download the new configuration data and refresh its relevant objects and consequently its configuration.

For a router 18 without DEN support, legacy ways such as telnet/CLI, SNMP, etc. may be used in order to carry out the configuration changes made in the Directory server 10.

As shown in FIG. 2, the network configuration management method and apparatus according to the present invention improve the DEN architecture.

According to a first feature of the invention, the CIM schema models all entities in the network to be managed and the modelling of the network does not reflect the physical entities in the network, but reflects the logical management objects in the network. For example, an OSPF area is represented as one object holding its attributes, instead of having each router represented as one object holding the OSPF area parameters. The OSPF area class aggregates the interfaces that are in the same area. Therefore, if there is a configuration change in an OSPF area, the management software knows that the changed values apply to the routers having an interface associated with the changed area object. Such an approach not only reduces the network administrator's workload, but it also decreases the probability of human errors.

According to a second feature of the invention, a set of rules 20 connected to the model is generated to ensure consistency and validity of the configuration manipulations. The rule set defines how the application can create, modify or delete an object. The rules follow the behaviour of the modelled managed object. For example, a rule may state that an OSPF interface can only be created and configured on an IP interface of a router in the case where the associated router has an associated OSPF process. As another example, a rule may require that an IP interface cannot be shut down while it has an active OSPF interface, in order to ensure that the routing configuration will be valid all the time.

The rule set makes it possible to prevent the network configuration—and the network—from defining wrong or meaningless configuration changes. This is a way for the application to filter the configuration change requests before “touching” the network.

According to a third feature of the invention, a configuration operation control mechanism 22 is implemented in the management software of the management station 14. This mechanism includes identifying a plurality of target objects to be configured in the network, validating the changes to be made upon configuration of these target objects and, if all changes are validated, finding a sequence of target routers that provides continuous connectivity to the management station 14 and configuring each of the target routers.

The configuration operation control mechanism 22 is illustrated in more detail in FIG. 3.

The network manager application, forming part of the management software contained in the management station 14, carries out the configuration operation control mechanism 22.

This is a so-called network-wide configuration operation. During a first step 30, the network administrator defines the configuration operation (e.g. reboot, stop, start, etc.) by manipulating the configuration data modelled by the network-wide CIM schema. For example, the network administrator selects an OSPF area and requests a change of this area's identification parameters.

During the next step 32, the network manager application defines the direct targets by using the model. As the model follows the logical structure of the managed objects, the direct targets can be easily identified. Following the associations between the objects in the Directory, the relevant routers can be found. For example, an object that represents an OSPF area is associated with interface objects. These interface objects are associated with router objects. For configuring this OSPF area, the network administrator selects the area and gives the new values of the attributes. The network manager application then checks the interface associations of the target OSPF area object and finds the target routers. It then knows which routers and which interfaces must be configured according to the changes in the OSPF area object. These managed objects are the direct or primary targets for the configuration operation.

For finding primary targets, as a variant, the network administrator may select one or more managed objects on the user interface provided by the application. In this case, the network administrator gives the primary targets to the application in an explicit manner.

Furthermore, during step 32, by analysing the operation of the network, the network manager application checks whether other routers are affected by the requested configuration change, i.e. it determines indirect targets.

During step 32, the network manager application also carries out a validation operation, consisting of checking the model rules to determine whether the required operation needs further consideration, and checking the validity regarding the managed object. In the example, the network manager application checks whether the operation is in compliance with the OSPF protocol.

The validation operation aims at determining whether the required changes are allowed and determining whether the new state to which the changes lead is valid. The result of the validation operation may be the rejection of the whole configuration request and the sending of a warning signal to the network administrator, indicating a possible problem. The original model must be kept and no routers are to be accessed.
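The identification and validation of step 32 can be sketched as follows. This is an added example, not code from the patent: the dictionary layout, the change tuples and the function names are assumptions, and only the two rules quoted above (OSPF process required, no shutdown of an IP interface carrying an active OSPF interface) are encoded. Changes are checked on a draft copy, so a rejected request leaves the original model unchanged.

```python
import copy

def constructed_model():
    """Constructed sample directory content: routers, IP interfaces, OSPF areas."""
    return {
        "routers": {"r1": {"ospf_process": True},
                    "r2": {"ospf_process": True},
                    "r3": {"ospf_process": False}},
        "interfaces": {"r1-eth0": {"router": "r1", "ip_up": True},
                       "r2-eth0": {"router": "r2", "ip_up": True},
                       "r2-eth1": {"router": "r2", "ip_up": True},
                       "r3-eth0": {"router": "r3", "ip_up": True}},
        # One area object aggregates the interfaces that belong to it.
        "areas": {"0.0.0.1": {"r1-eth0", "r2-eth0"}},
    }

def direct_targets(model, area_id):
    """Follow area -> interface -> router associations to find the targets."""
    targets = {}
    for ifname in sorted(model["areas"][area_id]):
        targets.setdefault(model["interfaces"][ifname]["router"], []).append(ifname)
    return targets

def violation(model, change):
    """Return a description of the rule a change breaks, or None if allowed."""
    op, *args = change
    if op == "add_ospf_interface":
        area_id, ifname = args
        router = model["interfaces"][ifname]["router"]
        if area_id not in model["areas"]:
            return f"{area_id}: no such area object"
        if not model["routers"][router]["ospf_process"]:
            return f"{ifname}: router {router} has no OSPF process"
    elif op == "shutdown_ip_interface":
        (ifname,) = args
        if any(ifname in members for members in model["areas"].values()):
            return f"{ifname}: IP interface carries an active OSPF interface"
    elif op == "set_area_id":
        if args[0] not in model["areas"]:
            return f"{args[0]}: no such area object"
    return None

def apply_to_model(model, change):
    """Apply one already-validated change to the (draft) model."""
    op, *args = change
    if op == "add_ospf_interface":
        model["areas"][args[0]].add(args[1])
    elif op == "shutdown_ip_interface":
        model["interfaces"][args[0]]["ip_up"] = False
    elif op == "set_area_id":
        model["areas"][args[1]] = model["areas"].pop(args[0])

def submit(model, changes):
    """Validate every change on a draft copy; commit only if all pass."""
    draft, problems, targets = copy.deepcopy(model), [], set()
    for change in changes:
        problem = violation(draft, change)
        if problem:
            problems.append(problem)
            continue
        if change[0] == "set_area_id":
            targets.update(direct_targets(draft, change[1]))
        else:
            targets.add(draft["interfaces"][change[-1]]["router"])
        apply_to_model(draft, change)
    if problems:
        # Whole request rejected: the caller keeps the original model.
        return {"accepted": False, "problems": problems, "model": model}
    return {"accepted": True, "targets": sorted(targets), "model": draft}
```
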

The application gives to the network administrator the possibility to react in case of a warning signal. Pursuant to the network administrator's response, the application may handle the configuration request with further configuration changes.

If the operation is executable, the network manager application searches for the right sequence of target routers, which makes it possible to ensure continuous connectivity with the management station 14.

If no suitable sequence is found, the application attempts to define a temporary configuration—e.g. temporary static routes—that can help to find a suitable router sequence.

The application may also attempt to divide the target set into smaller subsets and to define partial operations with their own sequence.

If no temporary solution is found, then the original model must be kept and no routers are to be accessed.
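One way to search for such a sequence and to check a proposed one by simulation is shown below. This is an added example, not the patent's algorithm, and it rests on two assumptions: a link between two target routers carries traffic only while both ends hold the same (old or new) values, as described earlier for OSPF links, and "continuous connectivity" means each target is reachable from the management station at the moment it is configured. The topology and names are constructed.

```python
from collections import deque

# Constructed topology: the management station attaches to r1.
LINKS = [("mgmt", "r1"), ("r1", "r2"), ("r2", "r3"),
         ("r2", "r4"), ("r3", "r5"), ("r4", "r5")]
TARGETS = {"r1", "r2", "r3", "r4", "r5"}

def link_up(a, b, targets, done):
    """Assumed link model: both ends of a target-to-target link must match."""
    if a in targets and b in targets:
        return (a in done) == (b in done)
    return True  # links touching a non-target are unaffected by the change

def distances(links, mgmt, targets, done):
    """Hop counts from the management station over links that are up."""
    dist, queue = {mgmt: 0}, deque([mgmt])
    while queue:
        node = queue.popleft()
        for a, b in links:
            if node in (a, b) and link_up(a, b, targets, done):
                peer = b if node == a else a
                if peer not in dist:
                    dist[peer] = dist[node] + 1
                    queue.append(peer)
    return dist

def first_cut_off(links, mgmt, targets, order):
    """Simulate a rollout; return the first router unreachable at its turn."""
    done = set()
    for router in order:
        if router not in distances(links, mgmt, targets, done):
            return router
        done.add(router)
    return None

def find_sequence(links, mgmt, targets):
    """Farthest-first order, verified by simulation; None if no order is found."""
    dist = distances(links, mgmt, targets, set())
    if any(t not in dist for t in targets):
        return None  # a target is unreachable before any change is made
    # Configuring the farthest routers first keeps the shortest path to each
    # remaining router made of still-unconfigured (mutually consistent) hops.
    order = sorted(targets, key=lambda t: (-dist[t], t))
    return order if first_cut_off(links, mgmt, targets, order) is None else None
```

A `None` result corresponds to the case where the original model is kept and no router is accessed.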

If a router sequence is found, during the following step 36, the network manager application carries out the requested element management steps by triggering the DEN routers or configuring the non-DEN routers via telnet/CLI or SNMP or by any other way found appropriate.

Any error or failure occurring during step 36 is registered in the management station 14, so that a corresponding message can be dispatched to the network administrator 15.

For example, when a target router in the sequence cannot be set successfully, the configuration process is stopped and the user is asked what to do. He has two options:

- stop the operation at once. In such a case, there are two further options:
  - leave everything as it is, or
  - restore the original model and the original configuration in those routers which were set before the error. If an error happens during restoration, it is a fatal inconsistent state, the process is stopped immediately and the network administrator receives a warning signal.
- delay the operation until the network administrator inputs contrary instructions. For example, if the network administrator operates manually on the problematic router and solves the problem, the process can continue from where it was stopped.

It is to be noted that the defined configuration operation has to be considered as one operation, regardless of the number of target routers. In order to keep the integrity of the defined operation, the process must be considered successful if each target router is set with the new configuration. If at least one router cannot be set, then the whole operation must be considered to have failed, because part of the target routers have the new configuration and the remaining target routers have the old one.

Another requirement is that the network manager application should know the state of all managed routers, namely, which routers are successfully set during the operation, which routers were not successfully set and what managed objects have different settings than the relevant routers. Thus, the network administrator always knows the situation in the Directory and in the network configuration. 

1-11. (canceled)
 12. A method for managing configuration of a network in a management centre, said network having a plurality of target objects, said method comprising: elaborating a model of the network to be managed; identifying a plurality of target objects to be configured in the network; validating the changes to be made upon configuration of said plurality of target objects; and, if all changes have been validated: finding a sequence of target routers associated with said target objects that provides continuous connectivity to said management centre; and configuring each of said target routers.
 13. The method according to claim 12, wherein said model is based on the CIM (Common Information Model) schema.
 14. The method according to claim 12, wherein said identification step includes identifying direct target objects and indirect target objects.
 15. The method according to claim 12, wherein said validation step includes checking the compliance of the changes to be made upon configuration with a predetermined set of rules.
 16. The method according to claim 12, wherein said network is an IP based mobile access network.
 17. An apparatus for managing configuration of a network, said apparatus being located in a management centre, said network having a plurality of target objects, said apparatus comprising: means for elaborating a model of the network to be managed; means for identifying a plurality of target objects to be configured in the network; means for validating the changes to be made upon configuration of said plurality of target objects; means for finding a sequence of target routers associated with said target objects that provides continuous connectivity to said management centre; and means for configuring each of said target routers.
 18. The apparatus according to claim 17, wherein said model is based on the CIM (Common Information Model) schema.
 19. The apparatus according to claim 17, wherein said identification means are adapted to identify direct target objects and indirect target objects.
 20. The apparatus according to claim 17, wherein said validation means are adapted to check the compliance of the changes to be made upon configuration with a predetermined set of rules.
 21. The apparatus according to claim 17, wherein said network is an IP based mobile access network. 